E:\Moving\!projecting\MSP\PhUniDrvSS\Src\hj_flt\clasupper\objfre_w2k\i386\JA_flt.pdb
Static task
static1
General
Target: 48401f396e039e6b51e4fef98f7106ba923443053938680aa4ad38f5fdca50f2_NeikiAnalytics.exe
Size: 3KB
MD5: d21c76b4f2a4227256ed28803c1ddfe0
SHA1: 2ed11af9e62fd66c8a2def8fee321d30d63807fa
SHA256: 48401f396e039e6b51e4fef98f7106ba923443053938680aa4ad38f5fdca50f2
SHA512: f49e18db54c682447f1155849fd9838563be7b1773b7de2068db67708a4216d27cc356fdecb2d92b357bd0a6918ecebc652ad4533c86f11afd31ced9c0a380b0
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 48401f396e039e6b51e4fef98f7106ba923443053938680aa4ad38f5fdca50f2_NeikiAnalytics.exe
Files
48401f396e039e6b51e4fef98f7106ba923443053938680aa4ad38f5fdca50f2_NeikiAnalytics.exe.sys windows:5 windows x86 arch:x86
fd33a6a5c243ec889685e62c2958d337
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ObfDereferenceObject
IoGetAttachedDeviceReference
IoIsWdmVersionAvailable
IofCallDriver
IoCreateDevice
PoCallDriver
PoStartNextPowerIrp
IoDetachDevice
KeInitializeSpinLock
IoAttachDeviceToDeviceStack
KeDelayExecutionThread
IoDeleteDevice
hal
KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql
Sections
.text Size: 384B - Virtual size: 282B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 217B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 640B - Virtual size: 548B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 640B - Virtual size: 544B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 896B - Virtual size: 864B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 128B - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ